Products ☀️  Solivia™ — Solar PV 🔋  GridGuard™ — BESS 💧  HydroShield™ — Green H₂ ← All Products Reinsurers Lenders About 🌿 Conference Request Coverage →
Data Protection & GDPR

Privacy Policy

Renewables Re — Data Protection & GDPR Compliance

Effective date: 1 January 2026

1. Data Controller

The data controller responsible for processing your personal data is:

Legal nameHankook Insurance and Reinsurance Brokers s.r.o.
Trading asRenewables Re
IČO02693607
Registered addressLighthouse Towers, Holešovice, Prague 170 00, Czech Republic
Regulatory authorityCzech National Bank (ČNB)
Contact telephone+420 722 705 365
Responsible personRandhir Kumar Jha, CEO
2. Personal Data We Collect

We collect only the minimum personal data necessary to respond to your enquiry or fulfil our regulatory obligations. We collect:

  • Contact form data: your name, email address, company name, and the content of your message, submitted voluntarily when you use our contact or enquiry form.
  • Server log analytics: anonymised records of page visits (IP address truncated to remove the final octet, browser type, referring URL, and timestamp). These logs do not identify you as an individual and are used solely for security monitoring and service improvement.
  • Functional session cookies: strictly necessary cookies that maintain your session while you navigate the site. No tracking, advertising, or profiling cookies are used. See Section 9 for full cookie information.

We do not collect sensitive personal data (special category data under Art. 9 GDPR). We do not collect payment card data or financial account information through this website.

3. Legal Basis for Processing

All processing of your personal data is carried out on one of the following lawful bases under the General Data Protection Regulation (GDPR) Regulation (EU) 2016/679:

  • Art. 6(1)(b) GDPR — Performance of a contract: where you submit an enquiry requesting a coverage quotation or product information, processing your contact details is necessary to respond to your request and take pre-contractual steps.
  • Art. 6(1)(c) GDPR — Legal obligation: we are required to retain records of client interactions under Zákon č. 170/2018 Sb., o distribuci pojištění a zajištění (the Czech Insurance and Reinsurance Distribution Act) and related ČNB supervisory requirements. We cannot waive this obligation.
  • Art. 6(1)(f) GDPR — Legitimate interests: anonymised server log data is processed for the purposes of security monitoring, fraud prevention, and service integrity. Our legitimate interest in protecting the security of this website and its users overrides any privacy impact, given that the data is anonymised.

We do not rely on consent as a legal basis for processing, as all processing is conducted under the bases listed above. You therefore do not need to opt in to use this website.

4. How We Use Your Data

Personal data collected through this website is used exclusively for the following purposes:

  • Responding to enquiries: to reply to contact form submissions, answer questions about our products, and provide requested product information or coverage quotations.
  • Product facilitation: where your enquiry progresses to a coverage placement, your contact details may be shared with the relevant licensed insurer or reinsurer to facilitate the insurance transaction (see Section 7).
  • Regulatory record-keeping: under Zákon č. 170/2018 Sb., we are required to maintain records of client interactions and distribution activities. Enquiry correspondence is retained in our regulatory compliance file.
  • Security and fraud prevention: anonymised server logs are reviewed for unusual access patterns, attempted intrusions, or abuse of the contact form.

We do not use your data for marketing to third parties, automated profiling, or any purpose beyond those listed above.

5. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected, and no longer than required by applicable law:

  • Enquiry and correspondence data: retained for 5 years from the date of the enquiry. This retention period is required by Zákon č. 170/2018 Sb. and ČNB supervisory guidance on record-keeping obligations for insurance and reinsurance intermediaries.
  • Anonymised server log analytics: deleted or overwritten after 12 months from the date of collection. Because these logs do not identify individuals, their deletion is a security practice rather than a GDPR obligation, but we apply it consistently.

After the applicable retention period expires, personal data is securely deleted from all systems and backup records.

6. Data Sharing and Third Parties

We do not sell, rent, or otherwise transfer your personal data to third parties for marketing, advertising, or commercial purposes.

Personal data may be shared in the following limited circumstances:

  • Licensed insurers and reinsurers: where your enquiry requires us to obtain a coverage quotation from an insurer or reinsurer, we will share your name, company name, and enquiry details with that counterparty. All counterparties we work with are licensed financial institutions subject to their own GDPR and data protection obligations. We will inform you before making such a disclosure.
  • Regulatory authorities: we may disclose personal data to the Czech National Bank (ČNB), Úřad pro ochranu osobních údajů (ÚOÚÚ), or other competent authorities where required by law or supervisory order.
  • Legal proceedings: where required to comply with a court order or legal process.

We do not use third-party analytics platforms (such as Google Analytics), social media tracking pixels, or any external data processors that would receive your personal data as a result of visiting this website.

7. Your Rights Under GDPR

Under the General Data Protection Regulation (EU) 2016/679, you have the following rights in relation to personal data we hold about you:

Right of Access (Art. 15)
You may request a copy of the personal data we hold about you, together with information about how it is processed.
Right to Rectification (Art. 16)
You may request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Art. 17)
You may request deletion of your personal data where we no longer have a lawful basis to retain it. Note: regulatory retention obligations (Art. 6(1)(c)) may limit this right.
Right to Data Portability (Art. 20)
Where processing is based on Art. 6(1)(b), you may request your data in a structured, machine-readable format.
Right to Restriction (Art. 18)
You may request that we restrict processing of your personal data in certain circumstances, for example while a rectification request is resolved.
Right to Object (Art. 21)
You may object to processing carried out on the basis of Art. 6(1)(f) (legitimate interests). We will cease processing unless we can demonstrate compelling legitimate grounds.

To exercise any of these rights, please contact us by email with the subject line "GDPR Request" — see Section 10.

You also have the right to lodge a complaint with the supervisory authority — see Section 11.

8. Cookies

This website uses only strictly necessary functional cookies. These cookies are essential for the operation of the website (for example, to maintain your navigation session) and cannot be switched off without disabling core website functionality.

We do not use:

  • Tracking or analytics cookies (including Google Analytics, Hotjar, or similar)
  • Advertising or retargeting cookies
  • Social media tracking pixels
  • Any third-party cookies that identify you across websites

Because we use only strictly necessary cookies, we are not required to obtain your consent before placing them under the ePrivacy Directive (implemented in Czech law). No cookie consent banner is required or displayed.

If you wish to delete all cookies placed by this website, you may do so through your browser settings. This will not affect your ability to view the website but may reset any functional session state.

9. How to Exercise Your Rights

To exercise any of your GDPR rights (access, rectification, erasure, portability, restriction, or objection), please contact us as follows:

Subject lineGDPR Request
Telephone+420 722 705 365
Postal addressHankook Insurance and Reinsurance Brokers s.r.o., Lighthouse Towers, Holešovice, Prague 170 00, Czech Republic

We will acknowledge your request within 5 working days and respond in full within 30 calendar days as required under Art. 12(3) GDPR. Where a request is complex or involves multiple rights, we may extend this period by a further two months, in which case we will notify you of the extension and the reason.

We may ask you to verify your identity before processing a rights request, to prevent unauthorised disclosure of personal data.

10. Supervisory Authority

If you believe that our processing of your personal data does not comply with GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Úřad pro ochranu osobních údajů (ÚOÚÚ)

Pplk. Sochora 27, 170 00 Praha 7, Czech Republic

Website: www.uoou.cz

ÚOÚÚ is the Czech national supervisory authority for data protection, designated under Art. 51 GDPR. Complaints may be submitted via the ÚOÚÚ website or by post to the address above.

We would welcome the opportunity to address any concern directly before a formal complaint is made. Please contact us first using the details in Section 9.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing activities, applicable law, or regulatory guidance. The effective date at the top of this page will be updated whenever a change is made.

Where we make material changes to the way we process your personal data — for example, adding a new purpose or a new category of data — we will notify you by posting a clear notice on this website and, where we hold your contact details, by direct notification.

We encourage you to review this page periodically. Continued use of the website after a policy update constitutes acknowledgement of the revised policy, though it does not in any way diminish your rights under GDPR.

This policy was last reviewed and updated on 19 May 2026. The current version supersedes all previous versions.